Http header 'referer' NULL in Servlet for pop-up window

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so, but I have a session timeout warning pop-up window in my application which will be triggered automatically before 5 minutes of session timeout from the JSP. Unfortunately this pop-up window "referer" header is always NULL and the request ends with error page. Please comments.

I don't fully understand the timeout flow of control you're trying to implement, but as regards the referrer header: That can be turned off (so that it is never sent, e.g. in Firefox), or it can be spoofed (e.g. using the Firefox extension refspoof), so I wouldn't rely on it to be valid or even be present.

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?

ashok sashrith
Greenhorn

Joined: Jan 31, 2005
Posts: 12

posted Dec 15, 2005 01:17:00

0

Thanks for your comments.

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?

And the reason for this check is to make sure that the http request is initiatted from the application in sequence by the user. For example, the application should not allow to access the last page without coming thru all the previous pages.